What Do Managers Really Need to Know about Technology? – Part 2

In my previous blog entry I argued that to be effective, information security managers need to have at least a high-level knowledge of information security technology. I also suggested some technology areas that would be especially good to know. At the same time, it is important to be aware not only of current information security technology, but also of information security technology that is likely to emerge and become important in the future. At a minimum, this requires being aware of:

The specific types of information security technology that are likely to emerge in the future and the kinds of advantages and disadvantages associated with each. Learning about each such technology and making rational decisions about it are difficult given the high levels of “hype” that surrounds so many future technologies. One of the best sources of accurate information is peers who have been studying such technologies, provided, of course, that the results of their research can be shared because they are not considered proprietary by the organizations for which they work. Organizations such as the Forrester Group and the Yankee Group can also be of considerable help in efforts to obtain such information. Lamentably, however, very few presentations and panel sessions in information security conferences cover future information security technology.

How each potential future technology is related to business needs. Some future technology may appear to be flashy, but it (like the practice of information security itself) will be of value only to the degree that it meets critical business needs. Obtaining suitable answers also requires making reasonable guesses concerning likely business drivers of the future.

The potential for synergy and integration with other technologies that each potential future technology has. Some future information security technologies are likely to be more synergistic with other technologies than are others. The same applies to integration, and integration with an organization’s existing technology infrastructure is a particularly critical consideration.

The probable longevity of each future technology. What kinds of future information security technology are likely to persist and why? Which will in all probability decline? Given all the technologies (e.g., DCE, PKI, password filters, and so many more) that were so highly touted in their infancies but that quickly lost popularity, understanding probable longevity is especially important.

Having suitable knowledge about current information security technologies is certainly not easy; keeping up with potential future information security technologies is no easier. Yet doing both is increasingly necessary given the critical role of technology in today’s information security practices.